A network security engineer would like to allow authorized groups to access network devices with
a shell restricted to only show information while still authenticating the administrator’s group to an
unrestricted shell. Which of the following can be configured to authenticate and enforce these shell
restrictions? (Select TWO).

An administrator is unable to connect to a server via VNC.
Upon investigating the host firewall configuration, the administrator sees the following lines:
A INPUT -m state –state NEW -m tcp -p tcp –dport 3389 -j DENY
A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j DENY
A INPUT -m state –state NEW -m tcp -p tcp –dport 10000 -j ACCEPT
A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j DENY
A INPUT -m state –state NEW -m tcp -p tcp –sport 3389 -j ACCEPT
Which of the following should occur to allow VNC access to the server?

Company A is trying to implement controls to reduce costs and time spent on litigation.
To accomplish this, Company A has established several goals:
Prevent data breaches from lost/stolen assets
Reduce time to fulfill e-discovery requests
Prevent PII from leaving the network
Lessen the network perimeter attack surface
Reduce internal fraud
Which of the following solutions accomplishes the MOST of these goals?

A security architect is seeking to outsource company server resources to a commercial cloud
service provider. The provider under consideration has a reputation for poorly controlling physical
access to datacenters and has been the victim of multiple social engineering attacks. The service
provider regularly assigns VMs from multiple clients to the same physical resources. When
conducting the final risk assessment which of the following should the security architect take into
consideration?